Versions Compared

Version Old Version 74 New Version 75
Changes made by

Former user

Former user

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Introduction

This document explains illustrates techniques for controlling access to data used in action sequence, sequences in the Pentaho BI Platform. It assumes familiarity with the Pentaho BI Platform, creating action sequences using the action sequence editor, and SQL database queries.   We recommend reading the Creating Pentaho Solutions guide and Getting Started with Design Studio prior to reading this document.

...

Code Block
xml
xml
<pentaho-system>
   ...
   <system-actions>
      <org.pentaho.ui.portlet.PentahoPortletSession scope="session">
         samples/filters/usernameToRegion.xaction
      </org.pentaho.ui.portlet.PentahoPortletSession>
      <org.pentaho.core.session.PentahoHttpSession scope="global">
         samples/filters/setCompanyName.xaction
      </org.pentaho.core.session.PentahoHttpSession>
   </system-actions>
   ...
</pentaho-system>

Now you know how to configure a system action, but what might a system action look like that will assist in controlling access to data?

Info
titleWhat is _Scope_?

In the context of the Pentaho BI Platform, scope describes the lifetime of parameters in the platform's runtime environment. Parameters can scoped at one of four different lifetimes:

  • request: The lifetime of a parameter in request scope is the duration of the current request/response. A parameter in request scope is only available to the thread executing the current request/response.
  • session: The lifetime of a parameter in session scope is a user's session. A session starts when a user logs in, and ends when the user logs out, or the session times out. A parameter in session scope is available to all request/response threads associated with a user's session.
  • global: The lifetime of a parameter in global scope begins when the application server initiates the application, and ends when the application server terminates the application. Parameters in global scope are availabe to threads in any user's session.
  • runtime: Parameters in runtime scope have an infinite lifetime. Their existence transcends the application server's lifetime.
.. </pentaho-system>

...

  • This has certain metaphysical consequences and therefore should be used with appropriate caution. Parameters in runtime scope are available to threads in any user's session.

Developing an Action Sequence to Run As a System Action

...

Next, in the action sequence editor, add an input called name to the Process Inputs tree control. Configure it to be of type string, and define its scope to be session.

When the user logs into the BI Platform, the platform places a parameter called name into the session scope. name is the user name that was used to log into the platform. We can get access to this parameter by defining it as an input to our action sequence.
The DEPARTMENT_MANAGERS table of the SampleData database has the columns MANAGER_NAME, REGION, and EMAIL. MANAGER_NAME is the full name of the manager. We need a mechanism for mapping the user's login name to their fullname. We can then use a SQL query in an action sequence to discover the user's region.
We'll do this by adding a JavaScript action to our action sequence. Using the Process Actions tree control in the action sequence editor, click on the Add control (blue + sign with a triangle next to it), and select Generate Data From -> JavaScript. In the JavaScript editor, add this JavaScript code:

...

We still need to identify name from the Process Inputs tree control as an input to our JavaScript action. Click on the Add control in the Script Inputs editor, and select name.
We also need to identify the fullName variable from our JavaScript code as an output from our JavaScript action. To do this, click in the Script Outputs editor, type in fullName, and identify its type as string.

Now that we have the fullname as an output parameter, we can use that parameter in the next action to discover the region that the manager is responsible for.
In the Process Actions tree control, click on the Add control and select Generate Data From -> Relational. Make sure the JNDI radio button is selected. Identify the name of the Database Connection as SampleData. Add the following query to the Query editor:

...

Info
titleWhat does "Keep Connections Open" mean?

If Keep Connections Open is not checked, when a Relational action runs a database query, it immediately stores the results of the query into a light-weight java object, and closes the connection to the database. This light-weight java object can be stored as a parameter in request, session or global scope. This makes the object available to other actions in this action sequence, and to other action sequences executing at another time.
Often however, the size of a result is very large, making it expensive to copy the contents into a light-weight java object. It is also expensive to have both objects temporarily in memory at the same time. In this case, it makes sense to have "Keep Connections Open" checked.
This will cause the result-set's connection to the database to be kept open. The result-set will be available to other actions in this action sequence. And a copy will NOT be made to a light-weight java object.
In all cases, the connection to the database is closed at the conclusion of the action sequence. This suggests that a result set that was created with "Keep Connections Open" checked should never be placed in session or global scope, since the result set's connection will be closed at conclusion of the current action sequence, making it unusable.

We now have the name of the region that the manager is responsible for, but it is still in the result set. We don't want to keep the relatively "heavy" result set to in our session. We only need the string from the result set with the region name. We can use another JavaScript action to get the region string out of our result set, and then store the region string into our session.
In the Process Actions tree control, click on the Add control and select Generate Data From -> JavaScript.  
Since we need access to the result set from the previous action, in the Scripts Input, click on the Add control and select RS_MANAGERS_REGION
Next, add the following code in the JavaScript editor:

...

(TODO: add note about NOT declaring as var)
This will get the region string out of the result set and place it in a JavaScript variable called strRegion.  

We want to make the variable strRegion available to action sequences that the user may execute later in their session. So we need to place strRegion into the user's session. To do this, add the variable strRegion to the Script Outputs, and identify its type as string. Once we've done this, you'll notice that in the Process Actions tree control, the script output shows up under our JavaScript action. This identifies strRegion as an output of the JavaScript action, but we need it to be an output of our action sequence. 
To make strRegion an output of our action sequence, in the Process Actions tree control, drag and drop strRegion onto the outputs in the Process Outputs tree control. You'll notice that this will open the Process Output editor in the right pane. In the Process Output editor, click in the first cell of the table, this will display a combo box with a list of scopes (e.g. request, session, global, etc.) We want to place strRegion into the session scope, so select session from the combo box. At the conclusion of the action sequence, strRegion will be in the user's session, available to any action sequence executed by the user.

Adding strRegion to the user's session isn't terribly useful unless we do something with it. Earlier I talked about using the user's region information to control access to the data the user sees in a financial report. Let's create an action sequence that will filter the data returned by a relational database query and display it in a simple HTML report. 
Create a new action sequence in Eclipse using the action sequence editor. Call it getActualsForRegion.xaction, and place it in the samples/filters folder of the repository. 
Next, in the action sequence editor, add an input called strRegion to the Process Inputs tree control. Configure it to be of type string, and define its scope to be session. This will give us access to the output parameter strRegion of our userNameToRegion.xaction action sequence.

In the Process Actions tree control, click on the Add control and select Get Data From -> Relational. Make sure the JNDI radio button is selected, and that the JNDI name is SampleData. 
In the SampleData database, there is a table called QUADRANT_ACTUALS containing financial information. The table has a variety of columns with financial data, and one column identifying the region that the data is associated with. We will use the strRegion parameter from our Process Inputs to filter the SQL query using a SQL where clause. Add this query to the Query editor:

...

Specify the Result Set Name as REGION_ACTUALS. And make sure Keep Connection Open is unchecked. 
In order place the information in the result set into the output for our HTML page, expand the Relational node in the Process Actions tree control, and drag and drop REGION_ACTUALS onto the outputs node of the Process Outputs tree control. 

This will open the Process Output editor in the right pane. Click in the first cell of the table, and select response from the combo box. This will place the text of the REGION_ACTUALS result set input the HTTP response stream. This is similar to writing HTML text to the HttpResponse in a Servlet/jsp. 

Configuring Our System Action

...

To login, click on the text "click here to login as Joe", this will populate the Login form with Joe's credentials. Click the Login button. 
Next we need the URL that runs our action sequence. To get this URL, go back to the action sequence editor, and click on the Test tab in the bottom right corner. Click on the Generate URL button. Copy the generated URL, and paste it into your browser's address bar.

You should get something that looks like this: 

It may be interesting to log out, and log back in as Suzy, and run the action sequence again. Notice how the output has changed to deliver financial information for the region that Suzy is responsible for. 

...